Slow, no Start Menu, can't download or Run programs. [Closed]


  • This topic is locked

#16
worldwidewandering

  • Topic Starter
  • Member
  • 22 posts
I was able to remove Conduit and Firefox is running fine. I managed to get Malwarebytes installed and ran a scan and it found 6 infected items, which I removed. I've included the Malwarebytes scan log below.



--------------
- Unhide Log -
--------------



Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 09/12/2013 08:48:18 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 298115 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 11791 files processed.

The C:\Users\WORLWI~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* HidNoChangingWallPaperden policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Program finished at: 09/12/2013 09:24:52 PM
Execution time: 0 hours(s), 37 minute(s), and 0 seconds(s)




--------------------
- Malwarebytes Log -
--------------------



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 913091303

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/13/2013 1:55:03 AM
mbam-log-2013-09-13 (01-55-02).txt

Scan type: Quick scan
Objects scanned: 241229
Time elapsed: 22 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LINKSWIFT (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\LinkSwift\iid (PUP.Optional.LinkSwift.A) -> Value: iid -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\worlwidewandering\downloads\the_rifleman_season_2_secure.exe (PUP.Optional.Topmedia) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
  • 0
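
Added example (not part of the original post): a Python parser for the Malwarebytes' Anti-Malware 1.x log layout posted above, which checks the summary counts against the itemised entries and separates PUP-class detections from anything else. The function names and the rule that a `PUP.` name prefix marks a potentially unwanted program are assumptions of this example; the sample is constructed from the posted log lines.

```python
import re
from collections import Counter

# Constructed sample: trimmed from the Malwarebytes 1.x log posted above.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LINKSWIFT (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\LinkSwift\iid (PUP.Optional.LinkSwift.A) -> Value: iid -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\worlwidewandering\downloads\the_rifleman_season_2_secure.exe (PUP.Optional.Topmedia) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<name>) -> [detail -> ]<action>"; greedy object keeps "(x86)" in a path.
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (declared count per section, list of itemised detections)."""
    declared, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
            section = None
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items.append(dict(section=section, object=m["object"], name=m["name"], action=action))
    return declared, items


def count_mismatches(declared, items):
    """Sections whose summary count differs from the entries listed (truncated paste)."""
    found = Counter(i["section"] for i in items)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}


def triage(items):
    """PUP-class vs other (assumes the "PUP." name prefix), plus entries not removed."""
    pup = [i for i in items if i["name"].upper().startswith("PUP.")]
    other = [i for i in items if not i["name"].upper().startswith("PUP.")]
    unresolved = [i for i in items if "successfully" not in i["action"].lower()]
    return pup, other, unresolved


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print(count_mismatches(declared, items), [len(g) for g in triage(items)])
```

On the sample, all six entries are PUP-class items under HKCU and the Downloads folder, and every one was removed.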

#18
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Ok, that's good. How do we currently stand? What are the remaining problems?

I want to check one thing just to be sure:


Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#19
worldwidewandering

  • Topic Starter
  • Member
  • 22 posts
I ran a scan with TDSSKiller and all the items were set at the default "skip". I clicked "Continue" but was not instructed to reboot. I noticed that some of the items were trusted programs like Apache, Filezilla, etc. but there were a few I did not recognize. I didn't set anything to "Cure" but rather clicked continue with everything set to "skip".

It's kind of hard to tell what, if anything might still be wrong. I haven't really been using the computer except to run these scan and fix programs. The computer does seem to be running slow and it hasn't been adding any new programs to the left side of the start menu. I just have the 2 programs that I've pinned to taskbar.


------------------
- TDSSKiller Log -
------------------

(I'm having to attach the log as I received a message about the post being too long: "Your post was too long. Please go back and shorten it a little.")

Attached Files


  • 0

#20
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Please try to uninstall PrivitizeVPN from the control panel.

Try using the computer for a little bit and then update me how it is running.
  • 0

#21
worldwidewandering

  • Topic Starter
  • Member
  • 22 posts
I don't see Privatize VPN in the uninstaller. I think I already uninstalled it from there. Is it possible there are still remnants of this program on my computer?
  • 0

#22
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
There's some left, so let's get rid of it. Replace the old fixlist.txt with the new one attached and run FRST in "Fix" mode again. Please post the fixlog.txt for me.

Also, let's run a general online scan and check for updates.


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • FRST fixlog
  • SecurityCheck log
  • ESET log
  • Can you update me on the computer's status?

  • 0

#23
worldwidewandering

  • Topic Starter
  • Member
  • 22 posts
Were you supposed to attach a new fixlog.txt file or did you mean the last fixlog.txt from my last scan? I don't see an attachment from you and I was wondering whether there was supposed to be one.
  • 0

#24
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Posted Image

Attached Files


  • 0

#25
worldwidewandering

  • Topic Starter
  • Member
  • 22 posts
I'm sending you the first 2 logs as I'm having trouble running the ESET scan. It runs for about an hour and gets 37% finished and then freezes up. It has crashed my computer several times now and I've had to do hard shut downs. Ctrl, Alt, Delete doesn't work and I have no other way to restart the computer. I've tried to run the ESET program with everything else turned off, all anti-virus and other start up programs and browser windows but it won't run through without freezing. I try not to touch anything but after a certain amount of time the computer goes into sleep mode - I don't have a screensaver but would that not be just as bad? The one error that shows up is something to do with Conduit. Anyway, here are the other 2 logs:


--------------
- Fixlog.txt -
--------------


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013 04
Ran by worlwidewandering at 2013-09-13 18:29:07 Run:2
Running from C:\Users\worlwidewandering\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [PrivitizeVPN] - C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe [196784 2012-08-31] (OOO Industry)
C:\Program Files\PrivitizeVPN
C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PrivitizeVPN => Value deleted successfully.
C:\Program Files\PrivitizeVPN => Moved successfully.

"C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1" directory move:

Could not move "C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========

"C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1" => Directory could not move.

==== End of Fixlog ====



---------------
- checkup.txt -
---------------


Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Spybot Teatimer.exe is disabled!
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0



#26
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Let's try Bitdefender instead of ESET.


Please run a free online scan with BitDefender Online Scanner

  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administration mode if requested
  • Click the green Scan Now button again
  • Accept the EULA agreement if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here

  • 0

#27
worldwidewandering

  • Topic Starter
  • Member
  • 22 posts
The BitDefender Online Scanner ran without finding any infections. The one infection the ESET scan found in the 38% time it ran, was: "Win32/Conduit.SearchProtect.A application". [Edit: I think there may have been a space between the A and the word application]

Edited by worldwidewandering, 16 September 2013 - 12:45 PM.

  • 0

#28
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi,

It is probably an installer or another leftover from Conduit. If you have the file name and path, we can delete it. Or we can see if another scanner will pick it up.

I would recommend that you update your AVAST to the latest version, as your version is quite outdated. It is up to version 8 now. Then you can try running a scan with AVAST, or try the Kaspersky scan below:

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start
  • Click the Full Scan button
  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window
  • Click Details to generate a scan results report
  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
  • You can now close Kaspersky Security Scan

  • 0

#29
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





